Boring, complex and important: a recipe for the web's dire future

Hackers have published the account information of 4.6 million users of photo messaging app Snapchat. The information, which includes usernames and partial phone numbers, with all but the last two digits on display, was published on a specially created site:

ADVERTISEMENT

SnapchatDB.info.

The site has now been suspended, but that hasn't the stopped the information from being downloaded many times over. Only users in America who live within specific area codes appear to have been targeted, but if you're worried your information might have been exposed, you can use this checker to see if your details are among those leaked.

Originally it was suspected that the site might have been set up as an attention-seeking hoax, but TechCrunch later reported it to be real and also spoke to the hackers behind SnapchatDB. "Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does," TechCrunch reports the hackers as saying. It is also still apparently considering revelaing the full, uncensored phone numbers of people.

ADVERTISEMENT

Many tech companies have bug bounty schemes, through which those who report vulnerabilities and flaws that have not been spotted in-house are rewarded -- often financially -- for pointing them out to the company or service in question. Hackers who are ignored have been known to take things into their own hands if they feel their reports are not being seriously. In August 2013, a researcher from Palestine posted a message on Facebook CEO Mark Zuckerberg's Facebook wall to prove that he could bypass the social network's privacy safeguards to post on any user's wall.

It seems as though Snapchat is yet to introduce an bug bounty scheme, but Wired.co.uk has contacted the company to confirm this and to see whether in light of the hack it has plans to introduce one. We'll update this article if we hear back.